From “The Intruder in the Brigham OR – How Did She Get There?”
Boston Globe (02/05/17) Kowalczyk, Liz. Re-posted by ASIS.
A former surgical resident impersonated a physician and gained access to restricted areas to observe operations and attend patient rounds at Brigham and Women’s Hospital in Boston. Cheryl Wang, previously dismissed from a residency program in New York City, wandered into operating rooms in official Brigham scrubs she may have obtained from a previous visit. Although Brigham staff are required to scan their identification badges to enter operating rooms, Wang slipped into the surgical suites by walking in behind other employees who were holding the door open for each other. Following the security breach, the hospital says it has strengthened its policy for allowing observers into its operating rooms. Physicians now are required to verify that a doctor-in-training is in good standing with his or her educational institution. The hospital also plans to educate staff about the dangers of “tailgating,” or letting people follow staff into restricted areas without scanning an ID card. Electronic card access and surveillance cameras are considered security best practices, but hospital security experts are considering other safeguards, including turnstiles, security officers, and biometric systems.
Reports have surfaced about a new scam using a familiar line. Scammers call and identify themselves by name and company, and during the momentary pause that follows, the scammer says, “Can you hear me?” Of course we all respond, “yes,” and then we hang up or say we’re not interested or let loose a string of expletives. You get my point. But no matter how you respond, the damage is done.
The scammer records your “yes” response and neatly places it in a recording, making it sound like you answered yes to ordering various goods. When you later call to complain, you are met with the sound of your own voice verifying the purchase. As a matter of fact, these folks are bold enough to threaten to sue you if you don’t pay for your “order.”
There are so many creative scams out there it is important to remember a few simple rules that might eliminate a great deal of inconvenience (or money loss) later:
DO NOT answer calls from numbers you don’t recognize.
DO NOT verify your phone number with anyone you didn’t call.
DO NOT give out personal information on any call you did not initiate.
It is not likely we can avoid all scammers, but let’s not make it easy for them!
Our friends at Mass Ave Animal Clinic have some great suggestions for keeping your pet safe this Holiday Season. Read their ideas at: Mass Ave Animal Clinic
From “A Hospital’s Safety Lessons”
Security Management (10/16) Abdulaziz Al Essa, Ibrahim. Printed by ASIS.
A deadly fire that broke out at Jazan General Hospital in Saudi Arabia last December has been attributed to negligence by hospital and Ministry of Health officials as well as poor design and implementation of the building. The fire, which killed 25 people and injured 124, was caused by an electrical short circuit on the first floor of the hospital. Hospital staff members were able to evacuate all patients on the first floor, but the resulting smoke density and escalation to the hospital’s upper floors caused deaths due to asphyxiation. Defects in the building’s fire isolation and alarm system and faulty oxygen extension pipes also facilitated the fire’s spread. The Ministry indicated that the hospital staff’s lack of security and safety training led to an increase in deaths and injuries during the evacuation process. The hospital did not have an incident command team, mechanisms to control emergency exits, or fire extinguishing systems. The evacuation process was further hampered by cars and bystanders congesting the area outside the hospital. Hospital officials ignored the warnings of the Saudi Arabia Civil Defense Agency prior to the facility’s opening in 2009, including concerns that the contractor hired to construct the building committed several engineering errors.
From “Yahoo Says Information on at Least 500 Million User Accounts Was Stolen”
Wall Street Journal (09/23/16) McMillan, Robert. Posted by ASIS.
Yahoo Inc. reported Thursday that hackers backed by an unnamed foreign government had stolen personal information from more than 500 million of its users’ accounts. The hackers penetrated Yahoo’s network in late 2014. The stolen data included names, email addresses, dates of birth, telephone numbers, and encrypted passwords, Yahoo said. Yahoo said it believes that the hackers are no longer in its corporate network. The company said it did not believe that unprotected passwords, payment-card data, or bank-account information had been affected. In July, Yahoo began investigating claims by hackers who were offering to sell what they said were 280 million Yahoo usernames and passwords. Yahoo said it concluded the information for sale was not legitimate, but the company decided to broaden its probe, eventually determining that it had been breached by “a state-sponsored actor.” Yahoo did not say how the hackers broke into its network or which country sponsored the attacks. The intrusion, in 2014, came during a period when many computer attacks were believed to be the work of China. More recent hacks, however, including of the Democratic National Committee earlier this year, have been blamed on Russia. Both countries have denied involvement in the hacks. The Yahoo breach appears to be the largest ever disclosed, based on the number of users affected, said Paul Stephens, director of policy and advocacy with Privacy Rights Clearinghouse.
From “Crooks Are Selling a Skimmer That Works on All Chip Card Readers”
CSO Online (08/31/16) Korolov, Maria. Posted by ASIS.
Researchers have found a website that claims to sell “the most advanced EMV chip data collector in the world.” The seller says that the device is powered by the point of sale terminal, and can hold information on up to 5,000 credit cards in its memory. The equipment can also be used on machines made by Ingenico and Verifone, as well as terminals on gas station pumps, ticket purchase stations, and on small ATMs, specifically those manufactured by Triton. Andrei Barysevich, director of Eastern European research and analysis at Flashpoint, says that the device is primarily targeted towards Latin America. Latin America is still reliant on static data authentication chips, which allow criminals to create usable new chip cards with the data they catch, making it an easier target. Barysevich also says that the “technology can be used in any point of sale device. It literally takes less than 10 seconds to install, and once installed, it stays there forever.” He said that terminal manufacturers have been notified about the issue.
From “Laptops Most Often Stolen From Most Unlikely Place”
CIO (08/15/16) Olavsrud, Thor. Posted by ASIS.
According to Kensington’s IT Security & Laptop Theft report, the No. 1 place employees had experienced IT theft was ‘cars and transportation.’ The No. 2 response, coming in ahead of ‘airports and hotels’ and ‘restaurants,’ was the office. Kensington, a supplier of desktop and mobile device accessories, surveyed 300 U.S. IT professionals from a range of industries for the report. The company found that 34 percent of organizations do not have a physical security policy in place for their laptops, mobile devices, and other electronic assets. Additionally, 54 percent of respondents do not currently use physical locks for IT equipment. “Since studies confirm that well-implemented security can significantly decrease laptop theft by as much as 85 percent, it’s important for IT personnel to consistently utilize physical locks for computing and mobile equipment to provide resistance to tampering and theft,” said Rob Humphrey, director of Global Product Management, Security, Kensington.